External Message
A message that enters TON from outside the network — typically a transaction a wallet sends to its own wallet contract to kick off a chain of actions.
Aliases: ext-msg, ext-in, off-chain message
External Message is a message that originates outside the TON network. The source isn’t another contract but an off-chain client — a wallet app, a bot, a backend. Almost always an external message is the user’s wallet sending a request to its own wallet contract.
Why they exist
In TON’s actor model every action is a message between contracts. But the first message has to come from somewhere. That somewhere is an external message: a user taps “Send” in Tonkeeper, the app builds an external message, signs it with the private key, and broadcasts it to the network. The wallet contract accepts it, verifies the signature, and emits internal messages on the user’s behalf.
How it differs from internal
| Property | External | Internal |
|---|---|---|
| Source | off-chain | another contract |
| Signature | usually required (private key) | not needed |
| Gas payer | the receiving contract from its own balance | typically the sender |
| Bounce | no | yes, when flag set |
External messages don’t carry TON onto the chain directly: gas is deducted from the receiver’s balance. That’s why a wallet contract must hold a positive balance — if it’s empty, the network simply drops the external.
Spam protection
Anyone can send externals to any address — it’s a public channel. So the wallet contract checks signature and nonce first, dropping any invalid message before spending real gas on it. This is a TON-specific design constraint: rejecting an external must be cheaper than processing it.